Issue a New PKCS#12 Keystore for an SSL Server
The following covers how to issue a PKCS#12 keystore suitable for SSL/TLS servers, such as web servers.
Before you begin, you should already have created a certificate profile and an end entity profile for SSL servers. For more information, see:
To request a certificate:
- Access EJBCA RA Web and click Make new request.
- In the Certificate Type field, select SSLServerEndEntityProfile.
- Under Certificate subtype, you should not be able to choose anything but the default SSLServerCertificateProfile.
- Under CA, you should not be able to choose anything but the default ManagementCA.
- Select the Key-pair generation option By the CA.
- In Key algorithm, select RSA 2048 bits.
- In CN, Common Name, enter testsrv.domain.com.
- In DNS Name, enter testsrv.domain.com.
- At Username, enter testsrv.domain.com.
- At Enrollment code, enter a password. This will be the same password that is used to protect the certificate once downloaded.
- Click Download PKCS#12 to download and save the newly created certificate file.
A new certificate is generated and downloaded to your desktop.
To view the certificate, import the P12 certificate file by double-clicking it.
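To confirm that the downloaded keystore matches what was requested above (RSA 2048 bits, DNS name testsrv.domain.com, and a private key that belongs to the certificate), the following shell function inspects it with the openssl CLI. This is an added example, not part of the EJBCA documentation; the function names, the P12_PASS variable and the self-signed sample keystore are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the EJBCA docs). Requires the openssl CLI (1.1.1+).
# The enrollment code is read from the P12_PASS environment variable so that
# it is not passed as a command-line argument.

# check_p12 FILE DNS_NAME RSA_BITS -> returns 0 if the keystore matches
check_p12() {
    local file="$1" dns="$2" bits="$3" cert text certpub keypub
    # -clcerts -nokeys: extract only the leaf certificate, no CA chain, no key
    cert=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null) \
        || { echo "FAIL: cannot open $file with the given enrollment code"; return 1; }
    text=$(printf '%s\n' "$cert" | openssl x509 -noout -text) || return 1

    # Key algorithm and size chosen in the request form
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' \
        || { echo "FAIL: key is not RSA"; return 1; }
    printf '%s\n' "$text" | grep -q "Public-Key: (${bits} bit)" \
        || { echo "FAIL: key is not ${bits} bits"; return 1; }

    # The DNS Name from the form must be an exact SAN entry
    printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:${dns}" \
        || { echo "FAIL: SAN does not contain DNS:${dns}"; return 1; }

    # The private key in the keystore must belong to the certificate
    certpub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
    keypub=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null)
    [ -n "$keypub" ] && [ "$certpub" = "$keypub" ] \
        || { echo "FAIL: private key does not match certificate"; return 1; }

    echo "OK: $file holds an RSA ${bits}-bit key and certificate for ${dns}"
}

# Constructed sample input: a self-signed stand-in for the EJBCA download
make_sample_p12() {
    local out="$1" dir; dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$dir/k.pem" \
        -out "$dir/c.pem" -subj "/CN=testsrv.domain.com" \
        -addext "subjectAltName=DNS:testsrv.domain.com" 2>/dev/null
    openssl pkcs12 -export -inkey "$dir/k.pem" -in "$dir/c.pem" -out "$out" \
        -passout env:P12_PASS
    rm -rf "$dir"
}
```

For a real download, export P12_PASS with the enrollment code and call `check_p12` with the path to the saved .p12 file, `testsrv.domain.com` and `2048`.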